[BusyBox] Improving Our Development Process

Vladimir N. Oleynik dzo at simtreas.ru
Fri Jan 26 16:30:44 UTC 2001


Matt Kraai wrote:

> As I see it, there are two concerns you raise with integrating the
> privilege dropping code into the main busybox executable.  First,
> it is impossible to change which binaries are setuid without
> recompiling.

1) Analysis of the code of my wrapper for recompiling is trivial to the
 point of ridiculous, but the same cannot be said about busybox.
2) With enough skill, this code can be generated directly from `init'.
If this idea is interesting, I am ready to make this variant
for I386/2.2.X.

> Second, the code for dropping privileges is
> executed by binaries that don't need to be setuid.

Alas. I have not understood it.
 
> As far as I can tell, the second argument isn't really a big
> problem.  The size difference should be pretty small, and the
> speed unnoticeable.  As to the flexibility problem, I think the
> cost of having a separate, unique wrapper binary for each setuid
> applet is prohibitive.  

Unfortunately, you also have scarified my idea of obtaining of an
additional scoring on my message from January, 10. 
In combination with your idea we can even _reduce the current size_
of applets.h :).

> A better approach, if such flexibility is
> really needed, and I'm not convinced that it is, is to read a list
> of setuid executables from /etc/busybox-suid or something.  That
> way the administrator could change which programs are setuid
> without having to pay the cost of a bunch of wrappers.

`sudo' with reverse logic :0 ;)
However you twist it, it is all clumsy. ;)
It seems you have prompted that it is impossible to find out the name
of an application if it is hardlinked. Now you repeat my error.


--w
vodz
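
The list-driven idea from the quoted text, as an added C sketch that is not BusyBox code and not written by either poster: a setuid-root multi-call binary keeps its privileges only for applets named in an administrator-maintained list and drops them for everything else. The one-name-per-line format with `#` comments, the function names, and taking the applet name from `argv[0]` are assumptions; the list contents are a constructed sample held in memory instead of being read from a file.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Applet name = last path component of argv[0] (assumed lookup rule). */
static const char *applet_name(const char *argv0)
{
    const char *slash = strrchr(argv0, '/');
    return slash ? slash + 1 : argv0;
}

/* Return 1 if `applet` matches a whole line of `list` (the text of the
 * list file). Blank lines and lines starting with '#' never match. */
static int applet_is_listed(const char *list, const char *applet)
{
    size_t want = strlen(applet);
    while (*list) {
        size_t len = strcspn(list, "\n");
        if (want > 0 && list[0] != '#' && len == want &&
            memcmp(list, applet, len) == 0)
            return 1;
        list += len;
        if (*list == '\n')
            list++;
    }
    return 0;
}

/* Give up set-id privileges (setuid-root case assumed): group first,
 * then user, then verify. Returns 0 on success, -1 on failure. */
static int drop_privileges(void)
{
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return -1;
    if (geteuid() != getuid() || getegid() != getgid())
        return -1;
    return 0;
}

/* Constructed sample of the list file's contents. */
static const char SAMPLE_LIST[] = "# setuid applets\nping\n\nsu\n";

int main(int argc, char **argv)
{
    const char *name = applet_name(argc > 0 ? argv[0] : "");
    if (!applet_is_listed(SAMPLE_LIST, name) && drop_privileges() != 0)
        return 1;                      /* fail closed if the drop fails */
    printf("%s: euid=%d\n", name, (int)geteuid());
    return 0;
}
```

Matching whole lines means a name such as `pin` does not inherit the entry for `ping`, and an empty `argv[0]` never matches a blank line.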
